Hi Bertens,
The connection may be a thing of the past.
In that case, you should use PsScan, instead of PsList.
Otherwise, that's noise.
Best,
Takahiro
(4/1/2010 10:11 PM), K Bertens wrote:
I did a memory and volatile data acquisition with
Helix.
While using the enscript version of volatility I found on the blog, I ran it
against the memorydump and the TCP network connections scan showed a
connection:
192.168.1.104:1142 81.169.145.x:80 3852
The strange thing is, I can't find the process associated with processid 3852
in the enscript version with pslist.
When I run the volatility program from a Linux command line I can't see any
connection at all (with the options connscan and connscan2) and there is no
process in plist with id 3852.
In the volatile data report of Helix this connection isn't showing either.
Of course I want to know what kind of process this is, can anyone help me?
Thanks a lot,
K Bertens
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
Takahiro HARUYAMA <tharuyama(a)ji2.co.jp>
EnCase Certified Examiner (EnCE)
Tel : +81 3 6228 0163, Fax : +81 3 6228 0164
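
The cross-check suggested in the reply above, sketched as an added example that is not part of the original thread or of Volatility itself: each scanned connection is matched against the active process list and against pool-scanned process records. The record types, the `triage` function and all sample rows are assumptions constructed for illustration; only the connection line with PID 3852 is taken from the message.

```python
# Added example: triage scanned connections against two process views.
# Every process row below is constructed sample data, not real tool output.
from collections import namedtuple

Conn = namedtuple("Conn", "local remote pid")
Proc = namedtuple("Proc", "pid name exited")  # exited: exit time string or None


def triage(conns, listed_pids, scanned_procs):
    """Classify each scanned connection by what is known about its owner PID.

    listed_pids   -- PIDs seen by walking the active process list (PsList view)
    scanned_procs -- Proc records recovered by scanning memory (PsScan view)
    """
    by_pid = {}
    for p in scanned_procs:
        by_pid.setdefault(p.pid, []).append(p)  # a PID can be reused over time
    results = []
    for c in conns:
        hits = by_pid.get(c.pid, [])
        if c.pid in listed_pids:
            verdict = "active"       # owner is still in the linked process list
        elif any(p.exited for p in hits):
            verdict = "terminated"   # leftover connection of an exited process
        elif hits:
            verdict = "unlinked"     # scanned, no exit time, not listed: look closer
        else:
            verdict = "unresolved"   # no process object recovered: treat as noise
        results.append((c, verdict, sorted({p.name for p in hits})))
    return results


# Constructed inputs; the first connection is the one quoted in the message.
CONNS = [
    Conn("192.168.1.104:1142", "81.169.145.x:80", 3852),
    Conn("192.168.1.104:1200", "192.168.1.1:445", 4),
]
LISTED = {4, 620}
SCANNED = [
    Proc(4, "System", None),
    Proc(620, "svchost.exe", None),
    Proc(3852, "example.exe", "2010-04-01 20:55:10"),  # hypothetical record
]

if __name__ == "__main__":
    for conn, verdict, names in triage(CONNS, LISTED, SCANNED):
        print(conn.local, "->", conn.remote, conn.pid, verdict, names)
```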